Jeff Moulton: "When Convenience Trumps Privacy - You Lose!"

21. september 2016

Jeff Moulton
We live in a society where convenience trumps privacy. Societal norms have shifted from one where data was closely held to one where this same information is openly shared or unintentionally exposed to anyone with Internet access. Even more alarmingly, this information will remain public and can be accessed in perpetuity.

Technology advances have made us vulnerable in ways that only a generation ago seemed implausible. Our “always on” society is increasingly connected by the “Internet of Things” providing a ubiquitous environment where our information is exposed; stored; and exchanged with both trusted and nefarious entities.

Cyber-attacks are on the rise. It is the norm to learn daily of identity theft; hacked cars; stolen healthcare records; and virtual bank heists. The results of this exposure includes: individuals being financially ruined; companies facing economic loss due to hacked infrastructure; organizations paying ransoms to unlock data; and government’s having sensitive data exposed. We have grown so accustomed to hearing of negative cyber events that we now accept this phenomenon as normal.

Today, our devices (autos, toys, phones, computers, and appliances) are connected to provide convenience and make our lives easier and more enjoyable. However, that connectivity and convenience comes with a cost. We have become dependent and addicted to this connectivity causing many people to suffer depression, aggression, and anxiety attacks from something as simple as battery loss. (http://www.techtimes.com/articles/138483/20160305/heavy-smartphone-use-can-lead-to-depression-anxiety.htm)

With identity theft occurring every 2 seconds, we should be more conscious in our choices and do a better job to protect ourselves and our families. According to AllClear ID, children are 35 times more likely to be victims of identity theft than adults. Child identity theft is more prevalent than adult identity theft and usually goes unnoticed because children don’t have the same need to check their digital footprint. Last year, the rate of young victims of identity theft doubled and the percentage of victims under the age of 5 increased by 105 percent. For the identity thief, the younger the child the better, because it gives the thief more time to operate undetected. (“Child ID Theft Report, “What to Know:” May 1, 2012, AllClear ID). As these children grow up and begin to apply for college; attempt to purchase a car; look for homes; or try to secure business loans, they will find their credit has been destroyed unknowingly earlier in their lives.

This is not an isolated problem. Researchers have found that 97 percent of US children under the age of four use mobile devices with most having their own smart phone. This includes 50 percent who were multi-tasking on more than one device. The study also found 20 percent of one-year-olds have their own tablet computer and 28 percent of two-year-old’s navigate a mobile device without help. (https://www.rt.com/usa/320541-young-children-mobile-devices/) Naïve users; limited parental supervision; and the lack of proper cyber practices are all ingredients leading to a negative cyber incident. So what do we do about it?

For starters, we need to recognize we have a problem; quit believing it simply won’t happen to us; and remember that our digital information is interesting and valuable. Simply recognizing that we live in an increasingly connected world is big step. Televisions, refrigerators, even crock pots now have the ability to be networked together and while this offers a tremendous amount of convenience, it also provides unprecedented access to you and your family. The first thing to do is read the fine print. Manufactures must disclose the details of how their products use, store, and transmit your data. All too often we are lazy; trusting; or busy and fail to read or heed these warnings.
You should exercise your right to “Just Say No”. By applying common sense when exposing information, you will be proactive with prevention versus reactive to a hack. Remember nothing other than effective marketing compels you to volunteer private information when using products or services for the sake of convenience.

One recent example is the Mattel Corporation who are the makers of the Barbie Doll. Mattel was recently criticized when their new Barbie Doll used voice recognition technology to “talk” and “listen” to children. It wasn’t enough to simply converse with the child. Mattel took it a step further by activating an embedded microphone to record responses to questions and then uploaded that information to their cloud servers.

As a cyber professional and more importantly as a parent and grandparent, I was outraged. We need to say “no.” We need to collectively fight back against this intrusiveness with the power of the purse. Mattel technically didn’t break any laws and it’s unlikely that Mattel will pull this toy from shelves. After all, they combined two things that children love: ceaseless talking and Wi-Fi connectivity. (http://www.craveonline.com/design/838717-parents-fear-talking-barbie-doll-will-exploit-their-children#ulSl7Kq1t3aJr4SK.99)

Of course, we cannot say “no” to everything. So how do we balance security; convenience; and connectivity? The answer is to employ appropriate cyber hygiene. Cyber hygiene is the establishment and maintenance of an individual's online safety. It is the online equivalent of personal hygiene and encapsulates daily routines; occasional checks; and general behaviors required to maintain a user's online "health"; i.e., privacy and security. (https://en.wikipedia.org/wiki/Cyber_hygiene)

Let’s throw away the term the “Internet of Things” and replace it with the “Internet of You.” Cyber hygiene is personal. Just like the physical world, the digital world requires a degree of hygiene to limit your exposure. To carry the analogy further, consider influenza, which has been around for hundreds of years. We’ve learned to employ a variety of hygienic means to limit our exposure. First, we recognize the virus is active and spreading and limit exposure to places and people we know to be infected. We wash our hands; get a flu shot; and see the doctor if we experience symptoms. The flu doesn’t infect individuals selectively and neither do viruses in the digital world. 92 percent of identity theft victims did not know anything about the offender (“Victims of ID Theft, US Department of Justice, Sep 2015). We need to apply the same degree of caution we use in the physical world to our digital lives.

Cyber hygiene is simple. You need to control what you can; be aware of what you can’t; and know the difference. It doesn’t require a technical degree, but it does require behavioral changes; commitment; and tailoring to fit your lifestyle. For example, simple cyber hygiene techniques include: establishing separate accounts and passwords for each member of your family; frequently masking and resetting your wireless router password; and using a disposable credit card for online purchases. In my class, “Low Tech solutions in a High Tech World,” I go into detail on how you can employ small easy to live with practices that will further limit your cyber exposure and protect your family.

The “Internet of You” is here to stay. Ubiquitous connectivity coupled with our always-on personal devices set us up for a relentless attack on our information. We need to act responsibly and take steps to limit this exposure. Awareness, action, and effective cyber hygiene is the best strategy to ensure success. Remember, stop-think-then click!

About the Author

Jeff Moulton is a cyber security expert and Adjunct Professor in LSU’s College of Engineering. He is a Certified Information Systems Security Professional (CISSP) and holds certifications in Information Systems Security Engineering. He was also one of the Cyber Security Summer School 2016 mentors.

The article was published on the Postimees website (September 14, 2016), find it here >>

Add a comment

Email again: